SAP Authorizations Maintain derived roles - SAP Basis

Maintain derived roles
Authorization concept of AS ABAP
A far more elaborate way is identification via the business role customising. Here you first identify the technical name of the area start page or the logical link in the customising of your business role in the CRMC_UI_PROFILE transaction. If you have an area start page, check the technical name of the corresponding logical link. The next step is to switch to the navigation bar customising in the transaction CRMC_UI_NBLINKS and, in the Define logical link view, identify the target ID that corresponds to the technical name of your logical link. If you use the target ID as the search parameter in the CRMC_UI_COMP_IP table, the search result gives you the component name, component window, and inbound plug.

The Security Audit Log can also log customer-specific events in a restricted way starting with SAP NetWeaver 7.31. The event definitions DUX, DUY and DUZ are reserved for customers and delivered with a dummy expression. For these events, you can then define individually configurable messages using the RSAU_WRITE_CUSTOMER_EVTS function module. To do this, you must first identify the additional events you need and define their message texts and variables. Note that you may not change the meaning of the message or the arrangement of the variables later, as this would prevent older log files from being readable. Finally, you must include the new message definitions in your filters (transaction SM19). You will find the corrections and an overview of the required support packages in SAP Note 1941526. Since the use of this functionality requires extensive knowledge of the Security Audit Log, it is important that you also consider the recommendations in SAP Note 1941568 and that you have the support of a Basis consultant.
Create order through role-based permissions
Single sign-on (SSO): This solution is useful if you have not yet used SSO for your SAP systems or if not all SAP systems are integrated into the SSO solution. In such cases, you must implement the Web application in a system that supports SSO logins, such as Central User Management (ZBV), SAP Identity Management (ID Management), or Active Directory (AD).

You can create such an organisational matrix as an Excel file or in ABAP; this depends on how you want to read the data. When using a common standard solution (e.g. SAP Access Control), a corresponding maintenance view is usually offered. We first describe how you can provide automated mass maintenance in the form of a custom development.

The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".

This transaction is intended for migration tasks, but is also very well suited to allow a particular transaction to be repeated and automated.

In the following we describe the logic behind this authorization object and what it is important to avoid.